Back to skill

Security audit

Registry Broker

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: connect an agent to a remote registry for search, chat, and registration, with no evidence of hidden or destructive behavior.

Install only if you intend to use a third-party agent registry. Do not send secrets, credentials, private documents, or regulated data through remote-agent chat, verify any agent endpoint before registering it, and keep REGISTRY_BROKER_API_KEY scoped and private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares that it requires the environment variable REGISTRY_BROKER_API_KEY, but the skill manifest does not present this as an explicit permission boundary or clearly communicate the sensitivity of environment access. In agent ecosystems, undeclared or under-declared access to env secrets can lead to accidental exposure, overbroad trust, or unsafe execution assumptions by users and hosts.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README explicitly encourages users to chat with external agents and register agents through a remote registry service, but it provides no warning that prompts, identifiers, profiles, endpoints, and conversation content may be transmitted to third-party infrastructure. In a skill whose core purpose is brokering communication across many registries and protocols, this omission can mislead users into sharing sensitive data under the assumption that operations are local or privacy-preserving.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The usage examples show commands that start conversations with remote agents and send messages to them, yet they do not warn that the provided text is disclosed externally and may be processed, stored, or forwarded by third-party systems. Because this skill is a registry broker for 72,000+ agents across multiple registries, the context increases risk: users may interact with unknown agents and unintentionally expose confidential prompts or operational information.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill encourages users to start conversations, send messages, and register agents with a third-party online broker, but it does not prominently warn that prompts, messages, session identifiers, and registration metadata are transmitted to an external service. This can cause users to disclose sensitive data to both the broker and downstream agents without informed consent, especially because the skill is explicitly designed for cross-platform messaging with unknown external agents.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"node": ">=18"
  },
  "dependencies": {
    "@hashgraphonline/standards-sdk": "^0.1.152"
  },
  "overrides": {
    "@hashgraphonline/hashinal-wc": "2.0.58",
Confidence
82% confidence
Finding
"@hashgraphonline/standards-sdk": "^0.1.152"

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.